Critical Joomla Vulnerability in ver. 3.2 - 3.4.4
Trustwave SpiderLabs... has discovered an SQL injection vulnerability in versions 3.2 through 3.4.4 of Joomla... Combining that vulnerability with other security weaknesses, our Trustwave SpiderLabs researchers are able to gain full administrative access to any vulnerable Joomla site.
Within 24 hours there were already Internet-wide scans probing for the flaw and the number of attacks continued to increase over the weekend. On Monday, Sucuri recorded 12,000 exploitation attempts against the Joomla sites of its customers.
Joomla and Wordpress are junk. They are "free" therefore you give them the right to be owned.
There are fewer bad security vulnerabilities in plugins, and some changes in both code and procedure (I believe all modules will require full automated tests for the module to be accepted) will make that even less likely in Drupal 8.
"Unless a customer demands a CMS, I hard code it."
I agree. Most everything I do is hand-coded using unique file names to lessen the probability of an exploit match. I don't even use PHP contact forms offered by hosting companies, or any other out-of-the-box scripts. If I do use PHP, I use a custom php.ini and write my own code with custom, built-in security.
I'm pretty sure they could find a way to get "us", too!
"Unless the site itself is high-value or has a footprint that marks it as exploitable, or by random poor luck/skill duplicates an exploit in a major CMS, nobody is going after you."
Not true. The threat model today is often botnets of infected servers sending out hundreds of exploit probes to every site they find, not just "high-value" sites. I see it all the time on clients' sites.
However, almost every hosting company now offers CMS, often as a 1 click install. This attracts customers. Most web designers will also offer CMS choices. It's the new look in many genres, complete with social tagging. It looks good, it's fictional and customers love it.